That makes sense now understanding how CPE equipment has evolved into segmenting layer 2 services like that. /48 it is.
Most GPON networks are composed of large layer 2 rings. No way to break that up without adding additional equipment and that can get costly. With IPv4 we got around the need to configure discrete VLANs/subnets by putting all customers in the same VLAN and turning on the DHCP snooping/source-guard features. My remaining question is why isn't this desired with IPv6? What security concerns are there with turning up SLAAC / DHCPv6 within the same /64 for everyone that are different from IPv4?

Joshua Moore
Network Engineer
ATC Broadband
912.632.3161 - O | 912.218.3720 - M

-----Original Message-----
From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu]
Sent: Tuesday, September 08, 2015 3:55 PM
To: Josh Moore
Cc: Owen DeLong; nanog@nanog.org
Subject: Re: IPv6 Subscriber Access Deployments

On Tue, 08 Sep 2015 19:40:44 -0000, Josh Moore said:
> The question becomes manageability. Unique VLAN per customer is not
> always scalable. For example, only ~4000 VLAN tags. What happens when
> you have more than that many customers?

If you're hanging 4K customers off the same switch, you probably have bigger issues than running out of VLAN tags...

> We are talking very, very, small customers here. SOHO to say the most.
> /64 should be more than sufficient for their CPE router.

A Linksys WNDR3800 running CeroWRT (and probably OpenWRT by now) will prefer to create multiple /64's - one for the 4 wired ports, one for private access on the 2.4G radio, one for guest access on the 2.4, and another private/guest pair on the 5G radio.

So there is CPE gear out there now that can blow through 5 /64s by default, and more if you enable VLANs. A /56 allocated via DHCPv6-PD would be a *minimum*. And prefixes are cheap, so you may as well hand them a /48, just in case they have a second WNDR3800 at the other end of the building for coverage - because that one will then ask the upstream one for a -PD allocation.

So if you give the CPE a /48, it can keep a /56 for itself, and hand the downstream a /56, and they can each allocate /64s as needed. And remember - prefixes are cheap and plentiful, so don't bother with /52 or /60, just split on 8-bit boundaries to make life easier for yourself...
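
The /48 to /56 to /64 split described in the quoted reply, worked through as an added example that is not part of the original thread. The prefix 2001:db8:1234::/48 is a constructed documentation prefix, and `Delegator`, `number_router` and `plan_site` are hypothetical names; the block also shows a lone /64 running out after the first segment.

```python
import ipaddress

# Constructed sample: a /48 from the IPv6 documentation range (2001:db8::/32).
SITE = "2001:db8:1234::/48"

# The five segments the post lists for one CPE router.
SEGMENTS = ["wired", "2.4G-private", "2.4G-guest", "5G-private", "5G-guest"]


class Delegator:
    """Hands out non-overlapping sub-prefixes of one delegated prefix."""

    def __init__(self, prefix):
        self.prefix = ipaddress.IPv6Network(str(prefix))
        self.allocated = {}  # label -> IPv6Network

    def allocate(self, label, new_len):
        # Nothing shorter than what we hold, nothing longer than /64,
        # so every LAN segment can still run SLAAC.
        if not self.prefix.prefixlen <= new_len <= 64:
            raise ValueError(f"cannot carve a /{new_len} out of {self.prefix}")
        for candidate in self.prefix.subnets(new_prefix=new_len):
            if not any(candidate.overlaps(n) for n in self.allocated.values()):
                self.allocated[label] = candidate
                return candidate
        raise RuntimeError(f"{self.prefix} exhausted, no room for {label}")


def number_router(prefix):
    """Give one router a /64 per segment out of its own prefix."""
    d = Delegator(prefix)
    return {seg: str(d.allocate(seg, 64)) for seg in SEGMENTS}


def plan_site(delegated):
    """First CPE keeps a /56 and delegates a /56 to the second CPE."""
    site = Delegator(delegated)
    first = site.allocate("first-cpe", 56)
    second = site.allocate("second-cpe", 56)
    return {"first-cpe": number_router(first),
            "second-cpe": number_router(second)}


if __name__ == "__main__":
    for router, segments in plan_site(SITE).items():
        for seg, net in segments.items():
            print(f"{router:11} {seg:13} {net}")
    try:
        number_router("2001:db8:1234::/64")
    except RuntimeError as exc:
        print("single /64:", exc)
```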